Migrating opensource chef11 servers

JJ_Asghar · February 20, 2014, 7:55pm

So it seems I’ve been asked to migrate my chef11 server from one hosting company to another.

Any good suggestions/ideas/gotchas/tutorials to do this? I’d really like not to have to have every client.pem have to be recreated and re-check in.

Thanks in advance!

Best Regards,
JJ Asghar
e: jj.asghar@peopleadmin.com | c: 512.619.0722 | o: 512.977.5876

Tim_Smith1 · February 20, 2014, 7:59pm

Tim Smith - Systems Engineer
+1 707 738 8132
www.limelight.com

On Feb 20, 2014, at 11:55 AM, JJ Asghar jj.asghar@peopleadmin.com wrote:

So it seems I’ve been asked to migrate my chef11 server from one hosting company to another.

Any good suggestions/ideas/gotchas/tutorials to do this? I’d really like not to have to have every client.pem have to be recreated and re-check in.

Thanks in advance!

Best Regards,
JJ Asghar
e: jj.asghar@peopleadmin.com | c: 512.619.0722 | o: 512.977.5876

John_Keiser1 · February 20, 2014, 8:01pm

This should be sufficient:

Point all your chef-clients at the (empty) new server
"knife download /" from your old server
"knife upload /" to your new server

On Thu, Feb 20, 2014 at 11:55 AM, JJ Asghar jj.asghar@peopleadmin.comwrote:

So it seems I've been asked to migrate my chef11 server from one hosting
company to another.

Any good suggestions/ideas/gotchas/tutorials to do this? I'd really
like not to have to have every client.pem have to be recreated and re-check
in.

Thanks in advance!

Best Regards,
JJ Asghar
e: jj.asghar@peopleadmin.com | c: 512.619.0722 | o: 512.977.5876

John_Keiser1 · February 20, 2014, 8:01pm

(You will need to add "versioned_cookbooks true" to your knife.rb for this
to work.)

On Thu, Feb 20, 2014 at 12:01 PM, John Keiser jkeiser@getchef.com wrote:

This should be sufficient:

Point all your chef-clients at the (empty) new server

"knife download /" from your old server

"knife upload /" to your new server

On Thu, Feb 20, 2014 at 11:55 AM, JJ Asghar jj.asghar@peopleadmin.comwrote:

So it seems I've been asked to migrate my chef11 server from one
hosting company to another.

Any good suggestions/ideas/gotchas/tutorials to do this? I'd really
like not to have to have every client.pem have to be recreated and re-check
in.

Thanks in advance!

Best Regards,
JJ Asghar
e: jj.asghar@peopleadmin.com | c: 512.619.0722 | o: 512.977.5876

JJ_Asghar · February 20, 2014, 8:41pm

That covers the client/node pems too?

If so that’s bad ass.

Best Regards,
JJ Asghar
e: jj.asghar@peopleadmin.com | c: 512.619.0722 | o: 512.977.5876

From: John Keiser <jkeiser@getchef.com mailto:jkeiser@getchef.com>
Reply-To: "chef@lists.opscode.com mailto:chef@lists.opscode.com" <chef@lists.opscode.com mailto:chef@lists.opscode.com>
Date: Thursday, February 20, 2014 at 2:01 PM
To: "chef@lists.opscode.com mailto:chef@lists.opscode.com" <chef@lists.opscode.com mailto:chef@lists.opscode.com>
Subject: [chef] Re: Migrating opensource chef11 servers.

(You will need to add “versioned_cookbooks true” to your knife.rb for this to work.)

On Thu, Feb 20, 2014 at 12:01 PM, John Keiser <jkeiser@getchef.com mailto:jkeiser@getchef.com> wrote:
This should be sufficient:

Point all your chef-clients at the (empty) new server
“knife download /” from your old server
“knife upload /” to your new server

On Thu, Feb 20, 2014 at 11:55 AM, JJ Asghar <jj.asghar@peopleadmin.com mailto:jj.asghar@peopleadmin.com> wrote:

So it seems I’ve been asked to migrate my chef11 server from one hosting company to another.

Any good suggestions/ideas/gotchas/tutorials to do this? I’d really like not to have to have every client.pem have to be recreated and re-check in.

Thanks in advance!

Best Regards,
JJ Asghar
e: jj.asghar@peopleadmin.com mailto:jj.asghar@peopleadmin.com | c: 512.619.0722tel:512.619.0722 | o: 512.977.5876tel:512.977.5876

John_Keiser1 · February 20, 2014, 8:59pm

Yep! It saves and restores the public key for all clients. The actual
.pem files are private keys, and just stay on the client.

On Thu, Feb 20, 2014 at 12:41 PM, JJ Asghar jj.asghar@peopleadmin.comwrote:

That covers the client/node pems too?

If so that's bad ass.

Best Regards,
JJ Asghar
e: jj.asghar@peopleadmin.com | c: 512.619.0722 | o: 512.977.5876

From: John Keiser jkeiser@getchef.com
Reply-To: "chef@lists.opscode.com" chef@lists.opscode.com
Date: Thursday, February 20, 2014 at 2:01 PM
To: "chef@lists.opscode.com" chef@lists.opscode.com
Subject: [chef] Re: Migrating opensource chef11 servers.

(You will need to add "versioned_cookbooks true" to your knife.rb for
this to work.)

On Thu, Feb 20, 2014 at 12:01 PM, John Keiser jkeiser@getchef.com wrote:

This should be sufficient:

Point all your chef-clients at the (empty) new server

"knife download /" from your old server

"knife upload /" to your new server

On Thu, Feb 20, 2014 at 11:55 AM, JJ Asghar jj.asghar@peopleadmin.comwrote:

So it seems I've been asked to migrate my chef11 server from one
hosting company to another.

Any good suggestions/ideas/gotchas/tutorials to do this? I'd really
like not to have to have every client.pem have to be recreated and re-check
in.

Thanks in advance!

Best Regards,
JJ Asghar
e: jj.asghar@peopleadmin.com | c: 512.619.0722 | o: 512.977.5876

Ranjib · February 20, 2014, 9:07pm

yeah :0) .
btw whats nodes perm? every node has its own client,

On Thu, Feb 20, 2014 at 12:41 PM, JJ Asghar jj.asghar@peopleadmin.comwrote:

That covers the client/node pems too?

If so that's bad ass.

Best Regards,
JJ Asghar
e: jj.asghar@peopleadmin.com | c: 512.619.0722 | o: 512.977.5876

From: John Keiser jkeiser@getchef.com
Reply-To: "chef@lists.opscode.com" chef@lists.opscode.com
Date: Thursday, February 20, 2014 at 2:01 PM
To: "chef@lists.opscode.com" chef@lists.opscode.com
Subject: [chef] Re: Migrating opensource chef11 servers.

(You will need to add "versioned_cookbooks true" to your knife.rb for
this to work.)

On Thu, Feb 20, 2014 at 12:01 PM, John Keiser jkeiser@getchef.com wrote:

This should be sufficient:

Point all your chef-clients at the (empty) new server

"knife download /" from your old server

"knife upload /" to your new server

On Thu, Feb 20, 2014 at 11:55 AM, JJ Asghar jj.asghar@peopleadmin.comwrote:

So it seems I've been asked to migrate my chef11 server from one
hosting company to another.

Any good suggestions/ideas/gotchas/tutorials to do this? I'd really
like not to have to have every client.pem have to be recreated and re-check
in.

Thanks in advance!

Best Regards,
JJ Asghar
e: jj.asghar@peopleadmin.com | c: 512.619.0722 | o: 512.977.5876

Stephen_Lauck · February 20, 2014, 9:20pm

You may have to set the client/node permissions if going from Open Source
Chef to Enterprise Chef since the permissions may not exist in Open Source.

Here is a small ruby gist that will set the client/node permissions.

gist.github.com

https://gist.github.com/micgo/7226836

ec_node_fixer.rb

#!/usr/bin/env ruby
require 'rubygems'
require 'chef/knife'

Chef::Config.from_file(File.join(Chef::Knife.chef_config_dir, 'knife.rb'))

rest = Chef::REST.new(Chef::Config[:chef_server_url])

Chef::Node.list.each do |node|
  %w{read update delete grant}.each do |perm|

This file has been truncated. show original

On Thu, Feb 20, 2014 at 1:07 PM, Ranjib Dey dey.ranjib@gmail.com wrote:

yeah :0) .
btw whats nodes perm? every node has its own client,

On Thu, Feb 20, 2014 at 12:41 PM, JJ Asghar jj.asghar@peopleadmin.comwrote:

That covers the client/node pems too?

If so that's bad ass.

Best Regards,
JJ Asghar
e: jj.asghar@peopleadmin.com | c: 512.619.0722 | o: 512.977.5876

From: John Keiser jkeiser@getchef.com
Reply-To: "chef@lists.opscode.com" chef@lists.opscode.com
Date: Thursday, February 20, 2014 at 2:01 PM
To: "chef@lists.opscode.com" chef@lists.opscode.com
Subject: [chef] Re: Migrating opensource chef11 servers.

(You will need to add "versioned_cookbooks true" to your knife.rb for
this to work.)

On Thu, Feb 20, 2014 at 12:01 PM, John Keiser jkeiser@getchef.comwrote:

This should be sufficient:

Point all your chef-clients at the (empty) new server

"knife download /" from your old server

"knife upload /" to your new server

On Thu, Feb 20, 2014 at 11:55 AM, JJ Asghar jj.asghar@peopleadmin.comwrote:

So it seems I've been asked to migrate my chef11 server from one
hosting company to another.

Any good suggestions/ideas/gotchas/tutorials to do this? I'd really
like not to have to have every client.pem have to be recreated and re-check
in.

Thanks in advance!

Best Regards,
JJ Asghar
e: jj.asghar@peopleadmin.com | c: 512.619.0722 | o: 512.977.5876

--

Stephen Lauck

Consultant

415.269.3687 - lauck@opscode.com - *my:
*Linkedinhttp://www.linkedin.com/pub/stephen-lauck/50/954/26a/
Twitter https://twitter.com/stephenlauck

CHEF

GETCHEF.COM http://www.getchef.com

TM

getchef.com http://www.getchef.com Blog http://www.opscode.com/blog/
Facebook https://www.facebook.com/getchefdotcom
Twitterhttps://twitter.com/getchefdotcom
Youtube https://www.youtube.com/getchef

Meet me at #ChefConf 2014 http://chefconf.com/

JJ_Asghar · February 20, 2014, 9:21pm

Jeebus that’s awesome. Thanks guys!

You just made my weekend.

Best Regards,
JJ Asghar
e: jj.asghar@peopleadmin.com | c: 512.619.0722 | o: 512.977.5876

From: John Keiser <jkeiser@getchef.com mailto:jkeiser@getchef.com>
Reply-To: "chef@lists.opscode.com mailto:chef@lists.opscode.com" <chef@lists.opscode.com mailto:chef@lists.opscode.com>
Date: Thursday, February 20, 2014 at 2:59 PM
To: "chef@lists.opscode.com mailto:chef@lists.opscode.com" <chef@lists.opscode.com mailto:chef@lists.opscode.com>
Subject: [chef] Re: Re: Re: Migrating opensource chef11 servers.

Yep! It saves and restores the public key for all clients. The actual .pem files are private keys, and just stay on the client.

On Thu, Feb 20, 2014 at 12:41 PM, JJ Asghar <jj.asghar@peopleadmin.com mailto:jj.asghar@peopleadmin.com> wrote:
That covers the client/node pems too?

If so that’s bad ass.

Best Regards,
JJ Asghar
e: jj.asghar@peopleadmin.com mailto:jj.asghar@peopleadmin.com | c: 512.619.0722tel:512.619.0722 | o: 512.977.5876tel:512.977.5876

From: John Keiser <jkeiser@getchef.com mailto:jkeiser@getchef.com>
Reply-To: "chef@lists.opscode.com mailto:chef@lists.opscode.com" <chef@lists.opscode.com mailto:chef@lists.opscode.com>
Date: Thursday, February 20, 2014 at 2:01 PM
To: "chef@lists.opscode.com mailto:chef@lists.opscode.com" <chef@lists.opscode.com mailto:chef@lists.opscode.com>
Subject: [chef] Re: Migrating opensource chef11 servers.

(You will need to add “versioned_cookbooks true” to your knife.rb for this to work.)

On Thu, Feb 20, 2014 at 12:01 PM, John Keiser <jkeiser@getchef.com mailto:jkeiser@getchef.com> wrote:
This should be sufficient:

Point all your chef-clients at the (empty) new server
“knife download /” from your old server
“knife upload /” to your new server

On Thu, Feb 20, 2014 at 11:55 AM, JJ Asghar <jj.asghar@peopleadmin.com mailto:jj.asghar@peopleadmin.com> wrote:

So it seems I’ve been asked to migrate my chef11 server from one hosting company to another.

Any good suggestions/ideas/gotchas/tutorials to do this? I’d really like not to have to have every client.pem have to be recreated and re-check in.

Thanks in advance!

Best Regards,
JJ Asghar
e: jj.asghar@peopleadmin.com mailto:jj.asghar@peopleadmin.com | c: 512.619.0722tel:512.619.0722 | o: 512.977.5876tel:512.977.5876

Topic		Replies	Views
Migrating data from exitsted chef11 servers to new chef12 server Chef Infra (archive)	6	1565	October 20, 2015
Import existed client, node to chef server Chef Infra (archive)	18	1756	October 20, 2015
Migrating from chef 11 to chef 12 server Chef Infra (archive)	8	1847	December 15, 2016
Moving Chef-server from CentOS 5.5 to CentOS6.x on another server Chef Infra (archive)	1	266	February 23, 2012
Migrating to Chef 12 Server from Chef 10 Chef Infra (archive)	7	1376	March 18, 2016

Migrating opensource chef11 servers

Related Topics